  • 1 安装bind9

    1 准备工作

    1 安装epel源
    yum install -y epel-release
    
    2 安装常用工具
    yum install -y wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils vim
    
    3 系统优化
    vi /etc/security/limits.conf
    追加
    * soft nofile 65535
    * hard nofile 65535
    
    4 在rstx4-201.rongbiz.cn安装Bind
    yum install -y bind
     rpm -qa bind
    

    配置bind

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
    	// Bind only this host's LAN address. The stock listen-on-v6 line is not
    	// present (the annotated listing further down removes it), so no IPv6
    	// socket is opened. NOTE(review): that same annotated listing shows
    	// 192.168.1.111 here and 192.168.1.1 as the forwarder — the two listings
    	// disagree; confirm which values the running server actually uses.
    	listen-on port 53 { 192.168.1.201; };
    	// Zone "file" names in named.rfc1912.zones are relative to this directory.
    	directory 	"/var/named";
    	dump-file 	"/var/named/data/cache_dump.db";
    	statistics-file "/var/named/data/named_stats.txt";
    	memstatistics-file "/var/named/data/named_mem_stats.txt";
    	recursing-file  "/var/named/data/named.recursing";
    	secroots-file   "/var/named/data/named.secroots";
    	// Every client that can reach 192.168.1.201:53 may query, and with
    	// "recursion yes" below it also gets recursive service. Exposure is bounded
    	// only by listen-on being a private address; if the LAN is not fully
    	// trusted, add allow-recursion { <LAN-CIDR>; }; so that other hosts receive
    	// authoritative answers only.
    	allow-query     { any; };
    	// Names outside the local zones are forwarded to this public resolver
    	// rather than resolved iteratively from the roots.
            forwarders      { 223.5.5.5; };
    	/* 
    	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
    	   recursion. 
    	 - If your recursive DNS server has a public IP address, you MUST enable access 
    	   control to limit queries to your legitimate users. Failing to do so will
    	   cause your server to become part of large scale DNS amplification 
    	   attacks. Implementing BCP38 within your network would greatly
    	   reduce such attack surface 
    	*/
    	recursion yes;
    
    	// NOTE(review): dnssec-enable is on but validation is off, so answers
    	// forwarded from 223.5.5.5 are accepted without DNSSEC checks. The
    	// annotated listing below also sets dnssec-enable no "to save resources".
    	dnssec-enable yes;
    	dnssec-validation no;
    
    	/* Path to ISC DLV key */
    	bindkeys-file "/etc/named.root.key";
    
    	managed-keys-directory "/var/named/dynamic";
    
    	pid-file "/run/named/named.pid";
    	session-keyfile "/run/named/session.key";
    };
    
    
    
    [root@rstx4-201 ~]# vi /etc/named.conf			# BIND进程的工作属性,区域的定义
    13         listen-on port 53 { 192.168.1.111; };	# 监听本机IP
    14         listen-on-v6 port 53 { ::1; };		# 删除,不监听IPV6
    20         allow-query     { any; };			# 允许所有主机查看
    21         forwarders      { 192.168.1.1; };		# 办公网上一级的DNS
    33         recursion yes;				# dns采用递归的查询
    35         dnssec-enable no;				# 关闭,节省资源(生产可能不需要关闭)
    36         dnssec-validation no;			# 关闭,节省资源,不做互联网认证
    

    检查配置文件是否正确

    [root@rstx4-201 ~]# named-checkconf
    [root@rstx4-201 ~]# echo $?
    0
    

    配置区域配置文件
    [root@rstx4-201 ~]# vi /etc/named.rfc1912.zones

    最后添加

    // Authoritative zones appended to the stock rfc1912 file. Both are type
    // master and load their data from the options "directory", i.e. /var/named/.
    zone "rongbiz.cn" IN {
            type  master;
            file  "rongbiz.cn.zone";
            // NOTE(review): dynamic updates are authorised by source IP alone,
            // which is not authentication: anything on this host that can send
            // to port 53 may rewrite the zone. Prefer a TSIG key, e.g.
            // allow-update { key "<UPDATE-KEY-NAME>"; }; with a matching key
            // statement (or update-policy). The walkthrough later sets the zone
            // files to root:named 0640, which named cannot write back, so confirm
            // whether updates are needed at all; if not, drop allow-update.
            allow-update { 192.168.1.201; };
    };
    zone "host.com" IN {
            type  master;
            file  "host.com.zone";
            // Same IP-only update ACL as above; the same caveats apply.
            allow-update { 192.168.1.201; };
    };
    
    
    

    配置区域数据文件
    host.com

    cat /var/named/host.com.zone 
    ; Forward zone for host.com, served as master by this host
    ; (declared in /etc/named.rfc1912.zones).
    $ORIGIN host.com.
    ; Default TTL for the records that follow (SOA and NS) until the next $TTL.
    $TTL 600	; 10 minutes
    ; Zone apex. dns.host.com. is the primary name server; dnsadmin.host.com. is
    ; the hostmaster mailbox (dnsadmin@host.com, with '@' written as '.').
    @   		IN SOA	dns.host.com. dnsadmin.host.com. (
    				; bump the serial on every edit (looks like YYYYMMDDnn — confirm convention)
    				2020122801 ; serial
    				10800      ; refresh (3 hours)
    				900        ; retry (15 minutes)
    				604800     ; expire (1 week)
    				86400      ; minimum (1 day)
    				)
    ; Only one NS is published and it is this host; no secondary is listed.
    				NS   dns.host.com.
    ; Shorter TTL for the host records below (presumably so address changes
    ; propagate quickly).
    $TTL 60	; 1 minute
    dns         A    192.168.1.201
    rstx4-201   A    192.168.1.201
    rstx4-202   A    192.168.1.202
    rstx4-203   A    192.168.1.203
    rstx4-204   A    192.168.1.204
    rstx4-205   A    192.168.1.205
    rstx4-214   A    192.168.1.214
    rstx4-240   A    192.168.1.240
    rstx4-241   A    192.168.1.241
    rstx4-53    A    192.168.1.53
    
    

    rongbiz.cn

    [root@rstx4-201 ~]# vi /var/named/rongbiz.cn.zone
    ; Forward zone for rongbiz.cn, served as master by this host
    ; (declared in /etc/named.rfc1912.zones).
    $ORIGIN rongbiz.cn.
    ; Default TTL for the records that follow (SOA and NS) until the next $TTL.
    $TTL 600	; 10 minutes
    ; Zone apex. dns.rongbiz.cn. is the primary name server; dnsadmin.rongbiz.cn.
    ; is the hostmaster mailbox (dnsadmin@rongbiz.cn, with '@' written as '.').
    @   		IN SOA	dns.rongbiz.cn. dnsadmin.rongbiz.cn. (
    				; bump the serial on every edit (looks like YYYYMMDDnn — confirm convention)
    				2020071501 ; serial
    				10800      ; refresh (3 hours)
    				900        ; retry (15 minutes)
    				604800     ; expire (1 week)
    				86400      ; minimum (1 day)
    				)
    ; Only one NS is published and it is this host; no secondary is listed.
    				NS   dns.rongbiz.cn.
    ; Shorter TTL for the host records below (presumably so address changes
    ; propagate quickly).
    $TTL 60	; 1 minute
    dns         A    192.168.1.201
    rstx4-201   A    192.168.1.201
    rstx4-202   A    192.168.1.202
    rstx4-203   A    192.168.1.203
    rstx4-204   A    192.168.1.204
    rstx4-205   A    192.168.1.205
    rstx4-53    A    192.168.1.53
    

    检查配置文件是否正确

    [root@rstx4-201 named]# named-checkconf
    [root@rstx4-201 named]# echo $?
    0
    [root@rstx-201 ~]# dig -t A rstx4-214.host.com @192.168.1.201 +short
    192.168.1.214
    
    

    检测区域数据文件

    [root@rstx4-201 named]# named-checkzone "rongbiz.cn" /var/named/rongbiz.cn.zone 
    zone rongbiz.cn/IN: loaded serial 2020071501
    OK
    

    更改文件的属组和权限

    [root@rstx4-201 named]# chown root:named /var/named/host.com.zone 
    [root@rstx4-201 named]# chown root:named /var/named/rongbiz.cn.zone
    [root@rstx4-201 named]# chmod 640 /var/named/host.com.zone 
    [root@rstx4-201 named]# chmod 640 /var/named/rongbiz.cn.zone
    
    启动named
    [root@rstx4-201 named]# systemctl restart named
    [root@rstx4-201 named]# systemctl enable named
    
    查看启动端口
    [root@rstx4-201 named]# netstat -luntp | grep 53
    
    验证解析
    [root@rstx4-201 named]# dig -t A rstx4-201.rongbiz.cn @192.168.1.201 +short
    192.168.1.201
    [root@rstx4-201 named]# dig -t A rstx4-205.rongbiz.cn @192.168.1.201 +short
    192.168.1.205
    
    

    更改客户端dns

    # vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DNS1="192.168.1.201"
    [root@rstx4-201 named]# systemctl restart network
    
    [root@moban rpm-gpg]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search rongbiz.cn
    nameserver 192.168.1.201
    
    [root@rstx4-201 named]# ping rstx4-201.rongbiz.cn
    
    添加主机域 search host.com,以便使用短域名
    [root@rstx4-201 named]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search rongbiz.cn
    
    [root@rstx4-201 named]# ping rstx4-201
    
    更改所有主机的DNS,重启网卡
    # vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DNS1="192.168.1.201"
    # systemctl restart network
    
    将虚拟机的网卡DNS也改成192.168.1.201	IPv4 -- 高级 -- 跃点改成20
    将本机的网卡DNS也改成192.168.1.201        IPv4 -- 高级 -- 跃点改成20
    
  • 原文地址:https://www.cnblogs.com/yangtao416/p/13306098.html